Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-04-20 | CVE-2006-1904 | Cross-Site Scripting vulnerability in Gallery Cross-site scripting (XSS) vulnerability in index.php in AnimeGenesis Gallery allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | 2.6 |
| 2006-04-20 | CVE-2006-1903 | Cross-Site Scripting vulnerability in Manila Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila allow remote attackers to inject arbitrary web script or HTML (1) via the referer parameter in sendMail, and via attributes of (2) the A element and certain other HTML elements in web pages edited with the editInBrowser module. | 2.6 |
| 2006-04-20 | CVE-2006-1902 | Buffer Errors vulnerability in GNU GCC 4.1 fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 improperly handles pointer overflow when folding a certain expr comparison to a corresponding offset comparison in cases other than EQ_EXPR and NE_EXPR, which might introduce buffer overflow vulnerabilities into applications that could be exploited by context-dependent attackers.NOTE: the vendor states that the essence of the issue is "not correctly interpreting an offset to a pointer as a signed value." | 2.1 |
| 2006-04-20 | CVE-2006-1901 | Denial-Of-Service vulnerability in Camino Mozilla Camino 1.0 and earlier allow remote attackers to cause a denial of service (null dereference and application crash or hang) via HTML with certain improperly nested elements. | 5.0 |
| 2006-04-20 | CVE-2006-1900 | Remote Buffer Overflow vulnerability in W3C Amaya 9.4 Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya 9.4, and possibly other versions including 8.x before 8.8.5, allow remote attackers to execute arbitrary code via a long value in (1) the COMPACT attribute of the COLGROUP element, (2) the ROWS attribute of the TEXTAREA element, and (3) the COLOR attribute of the LEGEND element; and via other unspecified attack vectors consisting of "dozens of possible snippets." | 7.6 |
| 2006-04-20 | CVE-2006-1899 | HTML Injection vulnerability in DEV Neuron Blog 1.1 Multiple cross-site scripting (XSS) vulnerabilities in dev Neuron Blog 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) website parameters. | 2.6 |
| 2006-04-20 | CVE-2006-1898 | Cross-Site Scripting vulnerability in Ralph Capper Tinyphpforum 3.6 Multiple cross-site scripting (XSS) vulnerabilities in Ralph Capper Tiny PHP Forum (TPF) 3.6 allow remote attackers to inject arbitrary web script or HTML via (1) the uname parameter in a view action in profile.php and (2) a login name. | 2.6 |
| 2006-04-20 | CVE-2006-1897 | Information Disclosure vulnerability in Talentsoft Web+ Shop 5.3.6 Webplus (aka talentsoft) Web+Shop 5.3.6, when Redirect URL for "Script Not Found" Error is not configured, allows remote attackers to obtain sensitive information via a quote (') or possibly other invalid value in the storeid parameter in store.wml in webplus.exe, which reveals the path in a "Script Not Found" error message. | 5.0 |
| 2006-04-20 | CVE-2006-1896 | Code Injection vulnerability in PHPbb Group PHPbb Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 ($theme[fontcolor3] variable) and/or signature values, possibly involving the highlight functionality. | 6.0 |
| 2006-04-20 | CVE-2006-1895 | Unspecified vulnerability in PHPbb Group PHPbb 2.0.9 Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1) bypasses a loose ".*" regular expression to match BEGIN and END statements in overall_header.tpl, or (2) is used in an eval statement by includes/bbcode.php for bbcode.tpl. | 6.5 |